istrator at the unified password prompt is compared with a stored power-on password. If the user password string matches the stored power-on password, then access to system resources is granted. If the user password string does not match the stored power-on password, then the user password string is compared to a stored administrator password. If the user password string matches the stored administrative password, then access to system resources is
password string matching either the stored power-on pass-
UNIFIED PASSWORD PROMPT OF A COMPUTER SYSTEM

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to personal computer systems having password protection, and more particularly to personal computer systems for use with an administrator password and a user power-on password.

2. Description of the Related Art

Security has become an important issue for computer systems. Password protection is now a common feature protecting computer systems from unauthorized users. With added levels of security comes the annoyance of memorizing and entering multiple passwords before a system can be booted or system resources can be modified. System administrators must be able to change a computer's resources at any time. System administrators thus are hindered by having to enter multiple passwords at boot-up to accomplish this task.

A conventional method for a system administrator to modify a system resource has required multiple password prompts. When a computer system is powered on, Basic Input Output System (BIOS) code is executed. The BIOS code goes through a power-on-self test (POST). At a certain point in POST, POST is paused and a power-on password prompt is provided. For POST to continue, a correct user power-on password must be provided at the power-on password prompt. If a system administrator desires to modify a system resource, then an administrator password prompt is provided at which the administrative password must be entered. A system administrator thus must enter two passwords before being able to modify system resources. If a system administrator does not know the user's power-on password, then the system administrator is unable to perform system resource modifications.

SUMMARY OF THE INVENTION

A computer system in accordance with the present invention provides a unified password prompt for accepting a user power-on password or an administrator password. A password string entered by the user at the unified password prompt is compared with a stored power-on password. If the user password string matches the stored power-on password, then access to system resources is granted. If the user password string does not match the stored power-on password, then the user password string is compared to a stored administrator password. If the user password string matches the stored administrative password, then access to system resources is granted. If the user password string does not match the stored administrative password, then the system administrator is given a predetermined number of times to enter a password string matching either the stored power-on password or the stored administrator password. If a password string matching either the stored power-on password or the stored administrator password is not provided in the predetermined number of times, access to system resources is denied. A unified password prompt in accordance with the present invention does not require a system administrator to know a user's power-on password in order to access system resources. A unified password prompt also permits a system administrator to configure a plurality of computer systems by providing a single administrative password rather than a plurality of user power-on passwords.

BRIEF DESCRIPTION OF THE DRAWINGS

A better understanding of the present invention can be obtained when the following detailed description of the disclosed embodiment is considered in conjunction with the following drawings, in which:

FIG. 1 is a schematic diagram of a computer system in accordance with the present invention;

FIG. 2 is a schematic diagram of a super I/O chip and a security ASIC of the computer system of FIG. 1;

FIGS. 3A-3B are flowcharts of a unified password prompt process in accordance with the present invention;

FIG. 4 is a state diagram further illustrating a unified password prompt process in accordance with the present invention.

DETAILED DESCRIPTION OF THE DISCLOSED EMBODIMENT

The following patents are hereby incorporated by reference:

Commonly-assigned U.S. Pat. No. 4,959,860, entitled "USER POWER-ON PASSWORD FUNCTIONS FOR COMPUTER SYSTEM," granted Sep. 25, 1990;

Commonly-assigned U.S. Pat. No. 5,375,243, entitled "HARD DISK PASSWORD SECURITY SYSTEM," granted Dec. 20, 1994; and

Commonly-assigned U.S. Pat. No. 5,097,506, entitled "KEYBOARD PASSWORD LOCK," granted Mar. 17, 1992.

The following patent applications are hereby incorporated by reference:

Commonly-assigned U.S. patent application Ser. No. 08/396,343, entitled "SECURITY CONTROL FOR PERSONAL COMPUTER," filed on Mar. 3, 1995; and

Commonly-assigned U.S. patent application Ser. No. 09/070,458, entitled "METHOD AND APPARATUS FOR PROVIDING REMOTE ACCESS TO SECURITY FEATURES ON A COMPUTER NETWORK," filed Apr. 30, 1998.

Turning to FIG. 1, illustrated is a typical computer system S implemented according to the invention. While this system is illustrative of one embodiment, the techniques according to the invention can be implemented in a wide variety of systems. The computer system S in the illustrated embodiment is a PCI bus/ISA bus based [illegible] peripheral component interconnect (PCI) bus 10 and an industry standard architecture (ISA) bus 12. The PCI bus 10 is controlled by PCI controller [illegible] memory/accelerated graphics port (AGP)/PCI controller 14. [illegible] a processor socket 16 via a host bus, an AGP connector 18, a memory subsystem 20, and [illegible] bridge circuit, a PCI/ISA bridge 24 (the ISA bridge), bridges between the PCI bus 10 and the ISA bus 12.

The host bridge 14 in the disclosed embodiment is a [illegible] as the PCI AGP Controller (PAC). The ISA bridge 24 is a PIIX4, also by Intel Corporation. The host bridge 14 and ISA bridge 24 provide capabilities other than bridging between [illegible] 14 includes interface circuitry for the AGP connector 18, the memory subsystem 20, and the AGP 22. The ISA bridge 24 further includes an internal enhanced IDE controller for controlling up to four enhanced IDE drives 26, and a universal serial bus (USB) controller for controlling USB ports 28.

The host bridge 14 is preferably coupled to the processor socket 16, which is preferably designed to receive a Pentium
II processor module 30, which in turn includes a microprocessor core 32 and a level two (L2) cache 34. The processor socket 16 could be replaced with different processors other than the Pentium II without detracting from the spirit of the invention.

The host bridge 14, when the Intel 440LX North Bridge is employed, supports extended data out (EDO) dynamic [illegible] synchronous DRAM (SDRAM), a 64/72-bit data path memory, a maximum [illegible] one gigabyte, dual inline memory module (DIMM) presence detect, eight row address strobe (RAS) lines, error correcting code (ECC) with single and multiple bit error detection, read-around-write with host for PCI reads, and 3.3 volt DRAMs. The host bridge 14 supports up to 66 megahertz DRAMs, whereas the processor socket 16 can support various integral and non-integral multiples of that speed.

The ISA bridge 24 also includes enhanced power management. It supports a PCI bus at 30 or 33 megahertz and an ISA bus 12 at 1/4 of the PCI bus frequency. PCI revision 2.1 is supported with both positive and subtractive decode. The standard personal computer input/output (I/O) functions are supported, including a dynamic memory access (DMA) controller, two 82C59 interrupt controllers, an 8254 timer, a real time clock (RTC) with a 256 byte couple metal oxide semiconductor (CMOS) static RAM (SRAM), and chip selects for system read only memory (ROM), RTC, keyboard controller, an external microcontroller, and two general purpose devices. The enhanced power management within the ISA bridge 24 includes full clock control, device management, suspend and resume logic, advanced configuration and power interface (ACPI), and system management bus (SMBus) control, which implement the inter-integrated circuit (I2C) protocol.

The PCI bus 10 couples a variety of devices that generally take advantage of a high speed data path. This includes a small computer system interface (SCSI) controller 36, with both an internal port 38 and an external port 40. In the disclosed embodiment, the SCSI controller 36 is a AIC-7860 SCSI controller. Also coupled to the PCI bus 10 is a network interface controller (NIC) 42, which preferably supports the ThunderLan™ power management specification by Texas Instruments. The NIC 42 is coupled through a physical layer 44 and a filter 46 to an RJ45 jack 48, and through a filter 50 to a AUI jack 52.

Between the PCI Bus 10 and the ISA Bus 12, an ISA/PCI backplane 54 is provided which include a number of PCI and ISA slots. This allows ISA cards or PCI cards to be installed into the system for added functionality.

Further coupled to the ISA Bus 12 is an enhanced sound system chip (ESS) 56, which provides sound management through an audio in port 58 and an audio out port 60. The ISA bus 12 also couples the ISA bridge 24 to a Super I/O chip 62, which in the disclosed embodiment is a National Semiconductor Corporation PC87307VUL device. This Super I/O chip 62 provides a variety of input/output functionality, including a parallel port 64, an infrared port 66, a keyboard controller for a keyboard 68, a mouse port for a mouse port 70, additional series ports 72, and a floppy disk drive controller for a floppy disk drive 74. These devices are coupled through connectors to the Super I/O 62.

The ISA bus 12 is also coupled through bus transceivers 76 to a flash ROM 78, which can include both basic input/output system (BIOS) code for execution by the processor 32, as well as an additional code for execution by microcontrollers in a ROM-sharing arrangement.

The ISA bus 12 further couples the ISA bridge 24 to a security, power, ACPI, and miscellaneous application specific integrated circuit (ASIC) 80, which provides a variety of miscellaneous functions for the system. The ASIC 80 includes security features, system power control, light emitting diode (LED) control, a PCI arbiter, remote wake up logic, system fan control, hood lock control, ACPI registers and support, system temperature control, and various glue logic. Finally, a video display 82 can be coupled to the AGP connector 18 for display of data by the computer system S. Again, a wide variety of systems could be used instead of the disclosed system S without detracting from the spirit of the invention.

Referring to FIG. 2, the contents of the super I/O chip 62 [illegible] password prompt process in accordance with the present invention are shown. The super I/O chip 62 includes a CMOS memory 100 having a CMOS location 104 for storing a user power-on password and a CMOS location 106 for storing an administrator password. Access to these CMOS locations is controlled by an AEN signal 108a externally designated as SIOAEN 108b and the IOWC# signal 110a externally designated as SIOWCL 110b. The super I/O chip 62 also includes a real time clock (RTC) 102. It should be understood that other components within the super I/O chip 62 which are not related to the present invention have been omitted.

The security ASIC 80 includes a "black box" 112. The blackbox, which is a secure memory device used for locking and unlocking resources within the computer system S, is coupled to a black box status/data register 120 and a black box command register 122. In the disclosed embodiment, the black box 112 provides three slots: Slot 0, Slot 1 and Slot 2, respectively. Slot 0 indicated at 114 is used to store a password for locking and unlocking the flash ROM 78. When the flash ROM 78 is in a locked state, programming of the flash ROM 78 is disabled. When the flash ROM 78 is in an unlocked state, programming of the flash ROM 78 is enabled. Slot 1 indicated at 116 is used for storing a user power-on password. The user power-on password controls entry into and/or exit from a user password protected mode. For example, the user power-on password may be used to control locking and unlocking of the keyboard 68. Slot 2 indicated at 118 is used for storing the administrator password. An administrator password places the computer system S into an administrator mode. Certain features of the computer system S are exclusively controllable within the administrator mode. In the disclosed embodiment, these features include setup of the computer system S from a floppy drive 74 or a system partition, flashing the system ROM 78, and controlling an electronic hood lock. The electronic hood lock controls access to the interior of the computer system S. If the electronic hood lock is enabled, access to the interior to the computer system S is inhibited to prevent unwanted configuration changes or component removal. The administrator password of slot 2 118 is preferably the password in slot 0 114 for protecting the system ROM 78.

In the disclosed embodiment, the blackbox command register 122 is a seven bit read/write register. Bits 7-5 are index bits allowing for selection of a particular slot of the black box 112. A command provided to the blackbox command register 122 is directed to the particular slot selected. Bit 4 is preferably reserved and therefore should return a '0' when read. Bits 3-0 are used for storing a blackbox command provided to the blackbox command register 122. The command sequence "0000" represents a Read Status blackbox command. The Read Status blackbox command causes the next byte read from the blackbox status/data register 120 to be the status of the black box 112. The command sequence
"0001" represents the Store Password blackbox command. Following the Store Password blackbox command, the next eight bytes written to the blackbox status/data register 120 are stored as the password. The command sequence "0010" represents the Protect Resources blackbox command. The Protect Resources blackbox command locks a selected blackbox slot. The command sequence "0100" represents the Store Password blackbox command. The Store Password blackbox command serves two functions. If each byte of the next eight bytes written to the status/data blackbox register 120 are the same, then the Store Password blackbox command unlocks the selected blackbox slot. If the bytes of the next eight bytes written to the status/data blackbox register 120 are not the same, then the Store Password command causes the bytes to be compared with the stored password. The command sequence "1000" represents the Permanently Locked Resources blackbox command. The Permanently Locked Resources blackbox command prohibits access to the selected blackbox slot until the security ASIC 80 is reset.

Further, in the disclosed embodiment, the blackbox status/data register 120 is a seven bit read/write register. For a write operation, bits 7-0 represent the password byte. While the blackbox status/data register 120 serves as a data register for a write operation, the blackbox status/data register 120 serves as a status register for a read operation. Referring to a read operation, bits 7-5 represent index bits for selection of a particular slot of the black box 112. Bits 4-3 are reserved and therefore should return a "0" if read. Bit 2 indicates whether a selected slot is permanently locked. If a "1" is stored in bit 2, the selected slot is permanently locked, and if a "0" is stored in bit 2, the selected slot is not permanently locked. Bit 1 indicates whether a delay is in progress. A delay in progress occurs when there is a password mismatch. If there is a password match, there is no delay in progress. In the disclosed embodiment, a "1" refers to a delay in progress, and a "0" refers to the absence of a delay in progress. The 0 bit indicates whether the selected slot is protected or unprotected. If a "1" is stored in the 0 bit, the selected slot is protected, and if a "0" is stored in bit 0, the selected slot is unprotected. Further details concerning the operation of the black box 112, the blackbox command register 122 and the blackbox status/data register 120 are provided in commonly-assigned U.S. patent application Ser. No. 08/396,343, entitled "SECURITY CONTROL FOR PERSONAL COMPUTER," and commonly-owned U.S. patent application Ser. No. 09/070,458, entitled "METHOD AND APPARATUS FOR PROVIDING REMOTE ACCESS TO SECURITY FEATURES ON A COMPUTER NETWORK," previously incorporated by reference. It should be understood that the number of bits and bytes and the particular bit sequences described may be varied to achieve other embodiments of the black box 112.

The security ASIC 80 also includes security logic 126 for controlling the SIOAEN signal 108b and the SIOWCL signal 110b. If the security logic 126 asserts the SIOAEN signal 108b, blockage of write operations to the user power-on password CMOS location 104 and the administrator password CMOS location 106 occurs. If the security logic 126 asserts the SIOWCL signal 110b, both writes and reads are blocked to the user power-on password CMOS location 104 and the administrator password CMOS location 106. If both the SIOAEN signal 108b and SIOWCL signal 110b are deasserted, read and write cycles to the user power-on password CMOS location 104 and the administrator password location CMOS 106 may be decoded. The SIOAEN signal 108b and the SIOWCL signal 110b may also be used to prevent read and/or write access to super I/O security registers 124 within the security ASIC 80.

Referring to FIGS. 3A-3B, a unified password prompt process in accordance with the present invention is shown. In the disclosed embodiment, the unified password prompt process is performed by the processor 32 executing password verification code within BIOS. The process begins with either a cold boot in step 300 or a warm boot in step 304. From both step 304 and step 300, control proceeds to step 302 wherein it is determined if a network server mode [illegible] network serve mode bit is set, the [illegible] system S is disabled. If the network server mode bit is set, control proceeds to step 306 wherein the keyboard 68 is [illegible] Control then proceeds to step 308 wherein it is determined if the user power-on password is detected. If a user power-on password is not detected, control returns to step 308. The computer system S thus remains in a network server mode until a user power-on password is detected. If a user power-on password is detected in step 308, control proceeds to step 310 wherein the computer system S enters a user mode. From step 310, control terminates through step 312.

If the network server mode bit is not set and a cold boot was initiated, control proceeds from step 302 to step 316. In step 316 a user power-on-self-test (POST) is initiated. Control then proceeds to step 318 wherein it is determined if a valid user power-on password is present at the user power-on password CMOS location 104. If the user power-on password is invalid, control proceeds to step 320 wherein the user power-on password is deleted at the user power-on password CMOS location 104. Control then proceeds to step 322 wherein a user power-on password valid bit is cleared. From step 322, control exits through step 324.

If the user power-on password is valid, control proceeds from step 318 to step 326. In step 326, it is determined whether the administrator password stored at the administrator password CMOS location 106 is valid. If the administrator password is invalid, control proceeds to step 328 wherein the administrative password is deleted. From step 328, control proceeds to step 330 wherein an administrator password valid bit is cleared. Control then exits through step 324.

If the administrative password is valid, control proceeds from step 326 to step 329 wherein the Store Password blackbox command is written to the blackbox command register 122 for slot 1 116. Control then proceeds to step 332 wherein the user power-on password is downloaded to slot 1 116. This download is achieved by writing the user power-on password to the blackbox status/data register 120. Writing the user power-on password to the blackbox status/data register 120 with slot 1 selected following a Store Password blackbox command causes the user power-on password to be stored in slot 1 116. From step 332, control proceeds to step 334 wherein the Protect Resources blackbox command is written to the blackbox command register 122. This command places slot 1 in a locked state. Control next proceeds to step 335 wherein the Store Password blackbox command is written to the blackbox command register 122 for slot 2 118. From step 335, control proceeds to step 336 wherein the administrator password is downloaded to slot 2. This download is achieved by writing the administrator password to the blackbox status/data register 120 following a Store Password blackbox command written to the blackbox status/data register 120. Control next proceeds to step 338 wherein the Protect Resources blackbox command is written to the blackbox command register 122 for slot 2. This command places slot 2 in a locked state.

If the network server mode bit is not set and a warm boot
was initiated, control proceeds from step 302 to step 314. In 
step 314, POST is initiated. From step 314 and step 338, 
control proceeds to step 339 wherein a unified password 
prompt in accordance with the present invention is provided. 
Unlike a conventional password prompt, the unified pass- 
word prompt may accept a user power-on password or an 
administrator password. One advantage of a unified pass- 
word prompt is that an administrator does not need to know 
the user power-on password for a computer system. Control 
next proceeds to step 340 (FIG. 3B). In step 340, the 
NUMBER_TRIES variable is initialized. This variable, 
which is preferably initialized by setting it to '0,' tracks the 
number of times the user has entered a string at the unified 
password prompt. From step 340, control proceeds to step 
342 wherein a user password string is fetched. A user 
password string refers to a string entered by the user at the 
unified password prompt. From step 342, control proceeds to 
step 343 wherein the Access Resources blackbox command 
is written to the blackbox command register 122 for slot 1.
This command causes the next eight bytes written to the 
blackbox status/data register 120 to be stored in slot 1. 

Control then proceeds to step 344 wherein the user 
password string is downloaded to the blackbox status/data 
register 120. From step 344, control proceeds to step 346
wherein it is determined if the user password string matches 
the user power-on password stored in slot 1 116. If there is 
a match, control proceeds to step 350 wherein slot 1 is 
unlocked with the Access Resources blackbox command. 
The Access Resources blackbox command unlocks a slot if
each byte of the command is the same. Control then pro- 
ceeds to step 351 wherein a keyboard controller 128 (FIG. 
2) is loaded with a slot 1 password. The keyboard controller 
128 is a controller within the super I/O chip 62 for connect- 
ing to the keyboard 68. Loading the user power-on password 
of slot 1 116 to the keyboard controller 128 allows for a 
quicklock mode option for the computer system S. When a 
quicklock mode is enabled, a keyboard and pointing device 
interface 130 (FIG. 2) is disabled. A user power-on password 
may be used to disable the quicklock mode. By loading the 
keyboard controller 128 with the user power-on password, 
the keyboard controller 128 is able to detect when a user 
power-on password has been entered during a quicklock 
mode. 

If the user password string does not match the slot 1 
password in step 346, control proceeds to step 348 wherein 
the Access Resources blackbox command is written to the 
blackbox command register 122 for slot 2 118. Control then 
proceeds to step 349 wherein the user password string is 
downloaded to the blackbox data register 120. Providing the 
user password string to the blackbox data register following 
an Access Resources blackbox command causes a user password
string to be stored in slot 2. From step 349, control
proceeds to step 352 wherein it is determined if the user
password string matches the password stored in slot 2 118.
If there is not a match, control proceeds to step 354 wherein
the NUMBER_TRIES variable is incremented. Control
then proceeds to step 356 wherein it is determined if the 
NUMBER_TRIES variable is equal to the maximum num- 
ber of tries allowed by the unified password prompt process. 
In the disclosed embodiment, the maximum number of tries 
for a user to attempt to enter the correct password is three. 
If NUMBER_TRIES is equal to the maximum number of
tries, control terminates through step 312. If NUMBER_TRIES
is not equal to the maximum number of tries, control
returns to step 342 wherein the user may enter another 
password string. 
If there is a match in step 352, control proceeds to step
353 wherein slot 2 is unlocked by an Access Resources 
blackbox command. From step 353, control proceeds to step 
359 wherein the computer system S enters a user mode. By 
providing a unified password prompt in accordance with the 
present invention, entry into a user mode may be obtained 
using an administrator password or a user power-on password.
From step 359, control proceeds to step 360 wherein
the CMOS bit for the previous mode is cleared. Control then 
proceeds to step 362 wherein the backup CMOS bit for the 
previous mode is cleared. From step 362, control terminates 
through step 312. 
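
The slot provisioning of steps 329-338 and the prompt loop of steps 340-356, modelled in C as an added example (not code from the patent). The type and function names are hypothetical; the model assumes that command "0100" is the Access Resources compare-and-unlock used in the flow description, that a protected slot rejects a new Store Password, that passwords are zero-padded to eight bytes, and that the result names follow FIG. 4; the Permanently Locked Resources command is left out.

```c
/* Added example: toy model of the black box registers (120, 122) and the
 * unified password prompt loop. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN    8   /* "the next eight bytes" written to the data register */
#define MAX_TRIES 3   /* maximum number of tries in the disclosed embodiment */

enum { CMD_READ_STATUS = 0x0, CMD_STORE = 0x1, CMD_PROTECT = 0x2, CMD_ACCESS = 0x4 };
enum { ST_PROTECTED = 0x01, ST_DELAY = 0x02 };          /* status bits 0 and 1 */
enum { SLOT_FLASH = 0, SLOT_POWER_ON = 1, SLOT_ADMIN = 2, NSLOTS = 3 };
typedef enum { ACCESS_DENIED, USER_MODE, ADMIN_MODE } prompt_result;

struct blackbox {
    uint8_t pw[NSLOTS][PW_LEN];   /* never readable through the registers */
    uint8_t status[NSLOTS];
    uint8_t slot, cmd, pos, buf[PW_LEN];
};

/* Command register 122: bits 7-5 select the slot, bits 3-0 carry the command. */
static void bb_write_cmd(struct blackbox *bb, uint8_t v) {
    bb->slot = (uint8_t)(v >> 5);
    bb->cmd = v & 0x0F;
    bb->pos = 0;
    if (bb->slot < NSLOTS && bb->cmd == CMD_PROTECT)
        bb->status[bb->slot] |= ST_PROTECTED;
}

/* Status/data register 120, write side: the eighth byte completes the command. */
static void bb_write_data(struct blackbox *bb, uint8_t byte) {
    if (bb->slot >= NSLOTS || bb->pos >= PW_LEN) return;
    if (bb->cmd != CMD_STORE && bb->cmd != CMD_ACCESS) return;
    bb->buf[bb->pos++] = byte;
    if (bb->pos < PW_LEN) return;
    uint8_t *st = &bb->status[bb->slot];
    if (bb->cmd == CMD_STORE) {
        if (!(*st & ST_PROTECTED))         /* assumption: locked slots reject stores */
            memcpy(bb->pw[bb->slot], bb->buf, PW_LEN);
    } else {
        uint8_t diff = 0;                  /* compare every byte, no early exit */
        for (int i = 0; i < PW_LEN; i++)
            diff |= (uint8_t)(bb->buf[i] ^ bb->pw[bb->slot][i]);
        if (diff == 0) *st &= (uint8_t)~(ST_PROTECTED | ST_DELAY);
        else           *st |= ST_DELAY;    /* mismatch: delay in progress */
    }
    memset(bb->buf, 0, PW_LEN);            /* do not keep the candidate around */
}

/* Status/data register 120, read side: index in bits 7-5, flags in the low bits. */
static uint8_t bb_read_status(const struct blackbox *bb) {
    if (bb->slot >= NSLOTS) return 0;
    return (uint8_t)((bb->slot << 5) | (bb->status[bb->slot] & 0x07));
}

/* Write a command for a slot, then a zero-padded eight-byte string. */
static int bb_send(struct blackbox *bb, int slot, uint8_t cmd, const char *s) {
    uint8_t padded[PW_LEN] = {0};
    size_t n = strlen(s);
    if (n > PW_LEN) return 0;              /* too long: treated as a mismatch */
    memcpy(padded, s, n);
    bb_write_cmd(bb, (uint8_t)((slot << 5) | cmd));
    for (int i = 0; i < PW_LEN; i++) bb_write_data(bb, padded[i]);
    return 1;
}

/* Steps 329-338: copy both passwords into their slots, then lock each slot. */
static void bb_provision(struct blackbox *bb, const char *pop, const char *admin) {
    memset(bb, 0, sizeof *bb);
    bb_send(bb, SLOT_POWER_ON, CMD_STORE, pop);
    bb_write_cmd(bb, (uint8_t)((SLOT_POWER_ON << 5) | CMD_PROTECT));
    bb_send(bb, SLOT_ADMIN, CMD_STORE, admin);
    bb_write_cmd(bb, (uint8_t)((SLOT_ADMIN << 5) | CMD_PROTECT));
}

/* Access Resources on one slot; true when the slot ends up unprotected. */
static int bb_unlock(struct blackbox *bb, int slot, const char *s) {
    return bb_send(bb, slot, CMD_ACCESS, s) && !(bb_read_status(bb) & ST_PROTECTED);
}

/* Steps 340-356: one prompt, slot 1 tried first, then slot 2, three tries. */
static prompt_result unified_prompt(struct blackbox *bb,
                                    const char *const entries[], int n) {
    for (int tries = 0; tries < n && tries < MAX_TRIES; tries++) {
        if (bb_unlock(bb, SLOT_POWER_ON, entries[tries])) return USER_MODE;
        if (bb_unlock(bb, SLOT_ADMIN, entries[tries]))    return ADMIN_MODE;
    }
    return ACCESS_DENIED;
}

int main(void) {
    struct blackbox bb;
    const char *const typed[] = { "guess1", "ADMIN-01" };   /* constructed input */
    bb_provision(&bb, "userpass", "ADMIN-01");
    printf("result=%d\n", unified_prompt(&bb, typed, 2));
    return 0;
}
```

Because slot 1 is tried before slot 2, a string equal to both stored passwords yields user mode in this model; the delay bit is set on each mismatched slot but no actual delay is timed.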

Referring to FIG. 4, a form of state diagram showing the 
various mode transitions supported by a unified password 
prompt process in accordance with the present invention is 
shown. The unified password prompt 404 may be obtained 
from a password protected mode 400 or a non-password
protected mode 402. A cold boot 410 or a warm boot 412 
transitions the computer system S from a password protected 
mode 400 to provide the unified password prompt 404. A 
cold boot 414 or a warm boot 416 may also transition the 
computer system S from a non-password protected mode 
402 to provide the unified password prompt 404. An admin- 
istrator may therefore obtain the unified password prompt 
404 from a password protected mode 400 or a non-password 
protected mode 402 following a cold boot or a warm boot. 
An example of a password protected mode 400 is a quick- 
lock mode. 

The unified password prompt 404 may accept a user 
power-on password PoP or an administrator password AP. 
The user power-on password PoP provided at the unified 
password prompt 404 places the computer system S in a user 
mode 406. An administrator password AP provided at uni- 
fied password prompt 404 places the computer system S in 
an administrator mode 408. In accordance with the present 
invention, the user mode 406 is defined as a complete subset 
of the administrator mode 408. In a conventional computer 
system, a user mode has not been a complete subset of an 
administrator mode. As such, certain functions were only 
supported by a user mode. These functions which were 
exclusively supported by a user mode have been unavailable
to a system administrator unless the system administrator 
knew a user's power-on password. In accordance with the 
present invention, all functions supported by a user mode are 
now available to a system administrator who is unaware of 
a user's power-on password. The unified password prompt 
404 is particularly useful to an administrator desiring to 
configure a plurality of computer systems since the unified 
password prompt permits a system administrator to enter a 
single administrator password rather than a plurality of user 
power-on passwords. 

The foregoing disclosure and description of the invention 
are illustrative and explanatory thereof, and various changes 
in the size, shape, materials, components, circuit elements, 
wiring connections and contacts, as well as in the details of 
the illustrated circuitry and construction and method of 
operation may be made without departing from the spirit of 
the invention. 

What is claimed is: 

1. A method of controlling administrator and user entry
into a user password protected mode of a computer system, 
comprising the steps of: 

generating a unified password prompt for accepting a user 
input string matching a user power-on password or an 
administrator password; 
detecting a user input string entered at said unified pass- 
word prompt; 
entering a user password protected mode if said user input string entered at said unified password prompt matches said user power-on password; and

entering said user password protected mode if said user input string entered at said unified password prompt matches said administrator password.

2. The method of claim 1 further comprising the step of:

[illegible]

3. The method of claim 1, further comprising the step of:

comparing said user input string entered at said unified password prompt to said user power-on password.

4. The method of claim 1, wherein said user password protected mode allows for accessing and changing said user power-on password

5. The method of claim 1, further comprising the step of:

initiating a cold boot resulting in said step of generating a unified password prompt.

6. The method of claim 5, the computer system including a non-volatile memory storing said user power-on password and said administrator password, further comprising the steps of:

downloading said user power-on password from the non-volatile memory to a first security memory slot;

downloading said administrator password from the non-volatile memory to a second security memory slot;

locking the non-volatile memory and the security memory slots after said steps of downloading said user power-on password and said administrator password;

unlocking the first security memory slot if the user input string entered at said unified password prompt matches said user power-on password; and

unlocking the first security memory slot and the second memory slot if the user input string entered at said unified password prompt matches said administrator password.

7. The method of claim 1, further comprising the step of:

initiating a warm boot resulting in said step of generating a unified password prompt.

8. The method of claim 7, the computer system including a non-volatile memory storing said user power-on password and said administrator password and further including a first security memory slot storing the user power-on password

10. The method of claim 9, further comprising the step of:

comparing said user input string entered at said unified password prompt to said user power-on password.

11. The method of claim 9, further comprising the step of:

[illegible] user input string entered at said unified [illegible]

[illegible] unified password prompt is responsive to a cold boot [illegible]

[illegible] password prompt [illegible] responsive to a warm boot of the computer system.

14. A method for administrator access to a user power-on password for a computer system using a single password, comprising the steps of:

generating a password prompt for a user input string;

detecting a user input string entered at the password prompt;

comparing said user input string to an administrator password; and

allowing access to a user power-on-password if said user input string matches said administrator password.

15. The method of claim 14, wherein said allowing access step comprises the step of allowing said user power-on password to be changed.

16. The method of claim 14, further comprising the steps of:

comparing said user input string to said user power-on password; and

allowing access to said user power-on if said user input string matches said user power-on password.

17. The method of claim 16, wherein said step of allowing access to said user power-on password if said user input string matches said user power-on password comprises the step of allowing said user power-on password to be changed.

18. A computer system for controlling administrator and user entry into a password protected mode of the computer system, further comprising:

a processor for executing code; and

a non-volatile memory storing a user power-on password, [illegible] administrator password, and password verification code, the password verification code executable by the

and a second security memory slot storing the administrator processor and when executed, performing the steps of: 

password, further comprising the steps of: generating a unified password prompt for accepting a 

unlocking the first security memory slot if the user input ^ser input string matching a user power-on password 

string entered at said unified password prompt matches or an administrator password; 

said user power-up password; and detecting a user input string entered at said imified 

unlocking the first security memory slot and the second password prompt; 

security memory slot if the user input string entered at entering a user password proteaed mode of said user 

said unified password prompt matches said administra- input string entered at said unified password prompt 

tor password. matching said user power-on password; and 

9. A method of controlling administrator and user exit entering said user password protected mode if said user 
from a user password protected mode of a computer system, input string entered at said unified password prompt 
comprising the steps of: matches said administrator password. 

generating a unified password prompt for accepting a user 19. The computer system of claim 18, the processor 

input string matching a user power-on password or an further performing the step of: 

administrator password; comparing said user input string entered at said unified 

detecting a user input string entered at said unified pass- password prompt to said administrator password. 

word prompt; 20. The computer system of claim 18, the processor 

exiting a user password protected mode if said user input further performing the step of: 

string entered at said unified password prompt matches comparing said user input string entered at said unified 

said user power-on password; and password prompt to said user power-on password, 
exiting said user password protected mode if said user 65 21. The computer system of claim 18, wherein said user 

input string entered at said unified password prompt password protected mode allows for accessing and changing 

matches said administrator password. said user power-on password. 
22. The computer system of claim 18, the processor further performing the step of:

initiating a cold boot of the computer system resulting in said step of generating a unified password prompt.

23. The computer system of claim 18, the processor further performing the steps of:

downloading said user power-on password from the non-volatile memory to a first security memory slot;

downloading said administrator password from the non-volatile memory to a second security memory slot;

locking the non-volatile memory and the security memory slots after said step of downloading said user power-on password and said administrator password;

unlocking the first security memory slot if the user input string entered at said unified password prompt matches said user power-on password; and

unlocking the first security memory slot and the second security memory slot if the user input string entered at said unified password prompt matches said administrator password.

24. The computer system of claim 18, the processor further performing the step of:

initiating a warm boot resulting in said step of generating a unified password prompt.

25. The computer system of claim 24, the processor further performing the steps of:

unlocking the first security memory slot if the user input string entered at said unified password prompt matches said user power-on password; and

unlocking the first security memory slot and the second security memory slot if the user input string entered at said unified password prompt matches said administrator password.

26. The computer system of claim 18, the non-volatile memory comprising:

a first non-volatile memory storing the administrator password and the user power-on password; and

a second non-volatile memory storing the password verification code.

27. The computer system of claim 26, wherein the first non-volatile memory is a CMOS memory and the second non-volatile memory is a read-only memory.

28. The computer system of claim 18, further comprising:

a security device coupled to the memory, comprising:

  a first security memory slot for storing the user power-on password; and

  a second security memory slot for storing the administrator password.

29. A computer system for controlling administrator and user exit from a user password protected mode, comprising:

a processor for executing code; and

[illegible] memory storing a user power-on password, an administrator password, and password verification code, the password verification code executable by the processor and when executed, performing the steps of:

  generating a unified password prompt for accepting a user input string matching a user power-on password or an administrator password;

  detecting a user input string entered at said unified password prompt;

  exiting a user password protected mode if said user input string entered at said unified password prompt matches said user power-on password; and

  exiting said user password protected mode if said user input string entered at said unified password prompt matches said administrator password.

30. The computer system of claim 29, the processor further performing the step of:

comparing said user input string entered at said unified password prompt to said user power-on password.

31. The computer system of claim 29, the processor further performing the step of:

comparing said user input string entered at said unified password prompt to said administrator password.

32. The computer system of claim 29, wherein said step of generating a unified password prompt is responsive to a cold boot of the computer system.

33. The computer system of claim 29, wherein said step of generating a unified password prompt is responsive to a warm boot of the computer system.

34. The computer system of claim 29, comprising:

a first non-volatile memory storing the administrator password and the user power-on password; and

a second non-volatile memory storing the password verification code.

35. The computer system of claim 34, wherein the first non-volatile memory is a CMOS memory and the second non-volatile memory is a read-only memory.

36. The computer system of claim 29, further comprising:

a security device coupled to the memory, comprising:

  a first security memory slot for storing the user power-on password; and

  a second security memory slot for storing the administrator password.

37. A computer system for administrator access to a user power-on password using a single password, comprising:

a processor for executing code; and

a non-volatile memory storing a user power-on password, an administrator password, and password verification code, the password verification code executable by the processor and when executed, performing the steps of:

  generating a password prompt for a user input string;

  detecting a user input string entered at the password prompt;

  comparing said user input string to an administrator password; and

  allowing access to a user power-on password if said user input string matches said administrator password.

38. The computer system of claim 37, wherein said allowing access step comprises the step of allowing said user power-on password to be changed.

39. The computer system of claim 37, the processor further performing the steps of:

comparing said user input string to said user power-on password; and

allowing access to said user power-on password if said user input string matches said user power-on password.

* * * * *
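The download, lock and unlock steps recited in claims 6, 8, 23 and 25, modelled in C as an added example (it is not code from the patent). The struct and function names, the 8-byte zero-padded password field, the rejection of empty entries and the no-early-exit comparison are assumptions of this sketch; the power-on password takes precedence when both stored passwords are identical, following the comparison order given in the abstract.

```c
#include <stdbool.h>
#include <string.h>

#define PW_MAX 8 /* assumed width of a zero-padded password field */
enum access { ACCESS_DENIED, ACCESS_USER, ACCESS_ADMIN };
struct slot { unsigned char pw[PW_MAX]; bool locked; };
struct security_device {          /* hypothetical model of the security device */
    struct slot user;             /* first security memory slot */
    struct slot admin;            /* second security memory slot */
    bool nvram_locked;            /* lock on the non-volatile password store */
};

/* Compare whole fields with no early exit, so response time does not
 * reveal how many leading bytes of a guess were correct. */
static bool field_equal(const unsigned char *a, const unsigned char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < PW_MAX; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Cold boot: download both passwords into the slots, then lock everything. */
void cold_boot_load(struct security_device *dev, const unsigned char *user_pw,
                    const unsigned char *admin_pw)
{
    memcpy(dev->user.pw, user_pw, PW_MAX);
    memcpy(dev->admin.pw, admin_pw, PW_MAX);
    dev->user.locked = dev->admin.locked = dev->nvram_locked = true;
}

/* Unified prompt: one entry is checked against both stored passwords. */
enum access unified_prompt(struct security_device *dev, const char *input)
{
    unsigned char field[PW_MAX] = {0};
    size_t n = strlen(input);
    if (n == 0 || n > PW_MAX)     /* assumption: empty or oversized entries never match */
        return ACCESS_DENIED;
    memcpy(field, input, n);
    bool is_user = field_equal(field, dev->user.pw);
    bool is_admin = field_equal(field, dev->admin.pw);
    if (!is_user && !is_admin)
        return ACCESS_DENIED;     /* both slots stay locked */
    dev->user.locked = false;     /* either match unlocks the first slot */
    if (is_user)
        return ACCESS_USER;       /* power-on match wins if both are equal */
    dev->admin.locked = false;    /* administrator match also unlocks the second */
    return ACCESS_ADMIN;
}
```

The non-volatile store stays locked after a successful match in this model, because the claims recite unlocking only the security memory slots.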